The Importance of Being Prepared for a Data Breach

With data breaches making headlines every other day, it is more important now than ever to be prepared for a data breach. Research reports by the Ponemon Institute on data breach preparedness found that while a few companies are making valuable changes, many companies are deficient in governance and security practices. Effective preparedness includes: keeping the data breach response plan up to date, conducting risk assessments of areas vulnerable to a breach, continuously monitoring information systems to detect unusual and anomalous traffic, and investing in technologies that enable timely detection of a security breach.

In addition to helping a company prepare for a breach, the existence of a plan can reduce the overall cost of an incident. The 2014 Cost of Data Breach Study: United States reported that the average cost for each lost or stolen record was $201. However, if a company had a formal incident response plan in place prior to the incident, the average cost of a data breach was reduced by as much as $17 per record.

So where do you begin your Data Breach Preparedness Plan?

Begin by assigning a knowledgeable person to head a response team (CISO-Chief Information Security Officer, CO-Compliance Officer, Head of Business Continuity Management, Chief Information Officer, Chief Risk Officer, Head of PR and Communications, General Counsel, Chief Privacy Officer or Human Resources)

The response team should acquire skills such as IT security, legal, public relations and privacy

Talk to your insurance broker about adding a Data Breach or Cyber Insurance policy or adding an endorsement to your current liability coverage

What are the technical security considerations?

Risks created by end-users and mobile devices

Know what technologies are available to quickly detect a data breach

Prepare through Risk Assessments & Monitoring

Risk assess information systems for unusual or anomalous traffic

Consider drills, procedures and oversight that help make the data breach response plan more effective